!59 [sync] PR-57: 修复热补丁修复的CVE重复展示的问题

From: @openeuler-sync-bot 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
openeuler-ci-bot 2023-08-30 01:41:59 +00:00 committed by Gitee
commit 8ecd6ec56c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 55 additions and 3 deletions


@ -0,0 +1,49 @@
From 83752eec95b4aff92786d09b6291700ed0c405a1 Mon Sep 17 00:00:00 2001
From: rabbitali <shusheng.wen@outlook.com>
Date: Tue, 29 Aug 2023 21:35:08 +0800
Subject: [PATCH] the problem of repeated display of vulnerabilities fixed by hot patches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ceres/manages/vulnerability_manage.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
index 3f85d3d..747df61 100644
--- a/ceres/manages/vulnerability_manage.py
+++ b/ceres/manages/vulnerability_manage.py
@@ -435,6 +435,7 @@ class VulnerabilityManage:
if not applied_hotpatch_info_list:
return result
+ record_key_set = {}
for cve_id, patch_name, hotpatch_status in applied_hotpatch_info_list:
rpm = patch_name.split("-", 1)[0]
# Refer to this example, the CVE can be marked as fixed only if all hotpatch are applied.
@@ -442,7 +443,12 @@ class VulnerabilityManage:
# CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED
# CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED
# CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED
- if f"{cve_id}-{rpm}" not in self.available_hotpatch_key_set and hotpatch_status in ("ACTIVED", "ACCEPTED"):
+ record_key = f"{cve_id}-{rpm}"
+ if (
+ (record_key not in self.available_hotpatch_key_set)
+ and (hotpatch_status in ("ACTIVED", "ACCEPTED"))
+ and record_key not in record_key_set
+ ):
result.append(
{
"cve_id": cve_id,
@@ -451,6 +457,7 @@ class VulnerabilityManage:
"hp_status": hotpatch_status,
}
)
+ record_key_set.add(record_key)
return result
def cve_fix(self, unfixed_cve_info: dict) -> Tuple[str, dict]:
--
2.33.0
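Review bot: In the first hunk of the embedded patch, `record_key_set = {}` creates an empty dict rather than a set, so the `record_key_set.add(record_key)` added in the last hunk would raise AttributeError the first time it runs; initialise it with `record_key_set = set()`. The `not in` membership test works on a dict, so the failure only appears once a row with status ACTIVED or ACCEPTED reaches the append, and a test with two such rows for the same `cve_id` and `rpm` would cover both the crash and the de-duplication. The new check also keeps only the first qualifying row per key, so the comment's partially applied case (one sub-patch NOT-APPLIED) is excluded only if `self.available_hotpatch_key_set` still holds that key; that set is built outside the visible hunks and should be confirmed, since a CVE wrongly listed as fixed hides an unpatched host. The enclosing method starts before the first hunk, and the page has lost the original indentation, so the exact nesting of the `.add` call is inferred.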


@ -1,11 +1,11 @@
Name: aops-ceres Name: aops-ceres
Version: v1.3.0 Version: v1.3.0
Release: 1 Release: 2
Summary: An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on. Summary: An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on.
License: MulanPSL2 License: MulanPSL2
URL: https://gitee.com/openeuler/%{name} URL: https://gitee.com/openeuler/%{name}
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
Patch0001: 0001-fix-bug-repeated-display-of-vulnerabilities.patch
BuildRequires: python3-setuptools BuildRequires: python3-setuptools
Requires: python3-requests python3-jsonschema python3-libconf Requires: python3-requests python3-jsonschema python3-libconf
@ -19,7 +19,7 @@ An agent which needs to be adopted in client, it managers some plugins, such as
%prep %prep
%autosetup -n %{name}-%{version} %autosetup -n %{name}-%{version} -p1
# build for aops-ceres # build for aops-ceres
@ -40,6 +40,9 @@ An agent which needs to be adopted in client, it managers some plugins, such as
%changelog %changelog
* Tue Aug 29 2023 wenxin<shusheng.wen@outlook.com> - v1.3.0-2
- fix bug: repeated display of vulnerabilities fixed by hotpatch
* Tue Aug 29 2023 wenxin<shusheng.wen@outlook.com> - v1.3.0-1 * Tue Aug 29 2023 wenxin<shusheng.wen@outlook.com> - v1.3.0-1
- update vulnerability scanning method and vulnerability fix method - update vulnerability scanning method and vulnerability fix method